You  may recall that Microsoft disabled automatic Dynamic Data Exchange (DDE) in Word back in December. I wrote about the problem and its solution in "Office as a malware delivery platform: DDE, Scriptlets, Macro obfuscation." Microsoft stopped automatic DDE, the {DDEAUTO} field in Word, while setting up certain registry entries that can soften that decision.

This month, I was surprised to discover Microsoft has made a roughly analogous change in Excel. Applying this month’s Excel security patches doesn’t change the DDE server launch and DDE server lookup settings, but it does give admins the ability to stifle both of the user prompts associated with DDE access.

To read this article in full, please click here